Vulnerabilities in matrix-org

80 results
| CVE | Severity | Title | EPSS |
| --- | --- | --- | --- |
| CVE-2024-42347 | HIGH | URL preview setting for a room is controllable by the homeserver in matrix-react-sdk | 0.4% |
| CVE-2023-38691 | MEDIUM | matrix-appservice-bridge doesn't verify the sub parameter of an openId token exchange, allowing unauthorized access to provisioning APIs | 0.4% |
| CVE-2025-59047 | LOW | matrix-sdk-base has panic in the `RoomMember::normalized_power_level()` method | 0.4% |
| CVE-2024-52505 | MEDIUM | matrix-appservice-irc allows IRC Command injection in provisioning API | 0.4% |
| CVE-2021-32622 | MEDIUM | File upload local preview can run embedded scripts after user interaction | 0.4% |
| CVE-2023-41335 | LOW | Temporary storage of plaintext passwords during password changes in matrix synapse | 0.4% |
| CVE-2025-27146 | LOW | Matrix IRC Bridge allows IRC command injection to own puppeted user | 0.3% |
| CVE-2025-66622 | LOW | matrix-sdk-base is vulnerable to DoS via custom m.room.join_rules event values | 0.3% |
| CVE-2024-52594 | MEDIUM | Server-Side Request Forgery (SSRF) on redirects and federation in gomatrixserverlib | 0.3% |
| CVE-2025-48937 | MEDIUM | matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator | 0.3% |
| CVE-2022-39200 | HIGH | Signature checks not applied to some retrieved missing events | 0.3% |
| CVE-2023-43656 | MEDIUM | Sandbox escape for instances that have enabled transformation functions in matrix-hookshot | 0.3% |
| CVE-2024-40648 | MEDIUM | `UserIdentity::is_verified` not checking verification status of own user identity while performing the check in matrix-rust-sdk | 0.3% |
| CVE-2025-53549 | MEDIUM | Matrix Rust SDK allows SQL injection in the EventCache implementation | 0.3% |
| CVE-2023-38686 | CRITICAL | Sydent does not verify email server certificates | 0.2% |
| CVE-2025-59160 | LOW | matrix-js-sdk has insufficient validation when considering a room to be upgraded by another | 0.2% |
| CVE-2025-27155 | MEDIUM | In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim | 0.2% |
| CVE-2024-40640 | LOW | Usage of non-constant time base64 decoder could lead to leakage of secret key material in vodozemac | 0.2% |
| CVE-2024-34353 | MEDIUM | matrix-sdk-crypto contains a log exposure of private key of the server-side key backup | 0.2% |
| CVE-2024-34063 | LOW | Degraded secret zeroization capabilities in vodozemac | 0.1% |